//
// CryptoConvert.cs - Crypto Convertion Routines
//
// Author:
//	Sebastien Pouliot  <sebastien@ximian.com>
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using System;
using System.Security.Cryptography;

namespace ILRuntime.Mono.Security.Cryptography
{

    static class CryptoConvert
    {

        static private int ToInt32LE(byte[] bytes, int offset)
        {
            return (bytes[offset + 3] << 24) | (bytes[offset + 2] << 16) | (bytes[offset + 1] << 8) | bytes[offset];
        }

        static private uint ToUInt32LE(byte[] bytes, int offset)
        {
            return (uint)((bytes[offset + 3] << 24) | (bytes[offset + 2] << 16) | (bytes[offset + 1] << 8) | bytes[offset]);
        }

        static private byte[] GetBytesLE(int val)
        {
            return new byte[] {
                (byte) (val & 0xff),
                (byte) ((val >> 8) & 0xff),
                (byte) ((val >> 16) & 0xff),
                (byte) ((val >> 24) & 0xff)
            };
        }

        static private byte[] Trim(byte[] array)
        {
            for (int i = 0; i < array.Length; i++)
            {
                if (array[i] != 0x00)
                {
                    byte[] result = new byte[array.Length - i];
                    Buffer.BlockCopy(array, i, result, 0, result.Length);
                    return result;
                }
            }
            return null;
        }

        static RSA FromCapiPrivateKeyBlob(byte[] blob, int offset)
        {
            RSAParameters rsap = new RSAParameters();
            try
            {
                if ((blob[offset] != 0x07) ||               // PRIVATEKEYBLOB (0x07)
                    (blob[offset + 1] != 0x02) ||               // Version (0x02)
                    (blob[offset + 2] != 0x00) ||               // Reserved (word)
                    (blob[offset + 3] != 0x00) ||
                    (ToUInt32LE(blob, offset + 8) != 0x32415352))   // DWORD magic = RSA2
                    throw new CryptographicException("Invalid blob header");

                // ALGID (CALG_RSA_SIGN, CALG_RSA_KEYX, ...)
                // int algId = ToInt32LE (blob, offset+4);

                // DWORD bitlen
                int bitLen = ToInt32LE(blob, offset + 12);

                // DWORD public exponent
                byte[] exp = new byte[4];
                Buffer.BlockCopy(blob, offset + 16, exp, 0, 4);
                Array.Reverse(exp);
                rsap.Exponent = Trim(exp);

                int pos = offset + 20;
                // BYTE modulus[rsapubkey.bitlen/8];
                int byteLen = (bitLen >> 3);
                rsap.Modulus = new byte[byteLen];
                Buffer.BlockCopy(blob, pos, rsap.Modulus, 0, byteLen);
                Array.Reverse(rsap.Modulus);
                pos += byteLen;

                // BYTE prime1[rsapubkey.bitlen/16];
                int byteHalfLen = (byteLen >> 1);
                rsap.P = new byte[byteHalfLen];
                Buffer.BlockCopy(blob, pos, rsap.P, 0, byteHalfLen);
                Array.Reverse(rsap.P);
                pos += byteHalfLen;

                // BYTE prime2[rsapubkey.bitlen/16];
                rsap.Q = new byte[byteHalfLen];
                Buffer.BlockCopy(blob, pos, rsap.Q, 0, byteHalfLen);
                Array.Reverse(rsap.Q);
                pos += byteHalfLen;

                // BYTE exponent1[rsapubkey.bitlen/16];
                rsap.DP = new byte[byteHalfLen];
                Buffer.BlockCopy(blob, pos, rsap.DP, 0, byteHalfLen);
                Array.Reverse(rsap.DP);
                pos += byteHalfLen;

                // BYTE exponent2[rsapubkey.bitlen/16];
                rsap.DQ = new byte[byteHalfLen];
                Buffer.BlockCopy(blob, pos, rsap.DQ, 0, byteHalfLen);
                Array.Reverse(rsap.DQ);
                pos += byteHalfLen;

                // BYTE coefficient[rsapubkey.bitlen/16];
                rsap.InverseQ = new byte[byteHalfLen];
                Buffer.BlockCopy(blob, pos, rsap.InverseQ, 0, byteHalfLen);
                Array.Reverse(rsap.InverseQ);
                pos += byteHalfLen;

                // ok, this is hackish but CryptoAPI support it so...
                // note: only works because CRT is used by default
                // http://bugzilla.ximian.com/show_bug.cgi?id=57941
                rsap.D = new byte[byteLen]; // must be allocated
                if (pos + byteLen + offset <= blob.Length)
                {
                    // BYTE privateExponent[rsapubkey.bitlen/8];
                    Buffer.BlockCopy(blob, pos, rsap.D, 0, byteLen);
                    Array.Reverse(rsap.D);
                }
            }
            catch (Exception e)
            {
                throw new CryptographicException("Invalid blob.", e);
            }

            RSA rsa = null;
            try
            {
                rsa = RSA.Create();
                rsa.ImportParameters(rsap);
            }
            catch (CryptographicException)
            {
                // this may cause problem when this code is run under
                // the SYSTEM identity on Windows (e.g. ASP.NET). See
                // http://bugzilla.ximian.com/show_bug.cgi?id=77559
                bool throws = false;
                try
                {
                    CspParameters csp = new CspParameters();
                    csp.Flags = CspProviderFlags.UseMachineKeyStore;
                    rsa = new RSACryptoServiceProvider(csp);
                    rsa.ImportParameters(rsap);
                }
                catch
                {
                    throws = true;
                }

                if (throws)
                {
                    // rethrow original, not the latter, exception if this fails
                    throw;
                }
            }
            return rsa;
        }

        static RSA FromCapiPublicKeyBlob(byte[] blob, int offset)
        {
            try
            {
                if ((blob[offset] != 0x06) ||               // PUBLICKEYBLOB (0x06)
                    (blob[offset + 1] != 0x02) ||               // Version (0x02)
                    (blob[offset + 2] != 0x00) ||               // Reserved (word)
                    (blob[offset + 3] != 0x00) ||
                    (ToUInt32LE(blob, offset + 8) != 0x31415352))   // DWORD magic = RSA1
                    throw new CryptographicException("Invalid blob header");

                // ALGID (CALG_RSA_SIGN, CALG_RSA_KEYX, ...)
                // int algId = ToInt32LE (blob, offset+4);

                // DWORD bitlen
                int bitLen = ToInt32LE(blob, offset + 12);

                // DWORD public exponent
                RSAParameters rsap = new RSAParameters();
                rsap.Exponent = new byte[3];
                rsap.Exponent[0] = blob[offset + 18];
                rsap.Exponent[1] = blob[offset + 17];
                rsap.Exponent[2] = blob[offset + 16];

                int pos = offset + 20;
                // BYTE modulus[rsapubkey.bitlen/8];
                int byteLen = (bitLen >> 3);
                rsap.Modulus = new byte[byteLen];
                Buffer.BlockCopy(blob, pos, rsap.Modulus, 0, byteLen);
                Array.Reverse(rsap.Modulus);

                RSA rsa = null;
                try
                {
                    rsa = RSA.Create();
                    rsa.ImportParameters(rsap);
                }
                catch (CryptographicException)
                {
                    // this may cause problem when this code is run under
                    // the SYSTEM identity on Windows (e.g. ASP.NET). See
                    // http://bugzilla.ximian.com/show_bug.cgi?id=77559
                    CspParameters csp = new CspParameters();
                    csp.Flags = CspProviderFlags.UseMachineKeyStore;
                    rsa = new RSACryptoServiceProvider(csp);
                    rsa.ImportParameters(rsap);
                }
                return rsa;
            }
            catch (Exception e)
            {
                throw new CryptographicException("Invalid blob.", e);
            }
        }

        // PRIVATEKEYBLOB
        // PUBLICKEYBLOB
        static public RSA FromCapiKeyBlob(byte[] blob)
        {
            return FromCapiKeyBlob(blob, 0);
        }

        static public RSA FromCapiKeyBlob(byte[] blob, int offset)
        {
            if (blob == null)
                throw new ArgumentNullException("blob");
            if (offset >= blob.Length)
                throw new ArgumentException("blob is too small.");

            switch (blob[offset])
            {
                case 0x00:
                    // this could be a public key inside an header
                    // like "sn -e" would produce
                    if (blob[offset + 12] == 0x06)
                    {
                        return FromCapiPublicKeyBlob(blob, offset + 12);
                    }
                    break;
                case 0x06:
                    return FromCapiPublicKeyBlob(blob, offset);
                case 0x07:
                    return FromCapiPrivateKeyBlob(blob, offset);
            }
            throw new CryptographicException("Unknown blob format.");
        }

        static public byte[] ToCapiPublicKeyBlob(RSA rsa)
        {
            RSAParameters p = rsa.ExportParameters(false);
            int keyLength = p.Modulus.Length; // in bytes
            byte[] blob = new byte[20 + keyLength];

            blob[0] = 0x06; // Type - PUBLICKEYBLOB (0x06)
            blob[1] = 0x02; // Version - Always CUR_BLOB_VERSION (0x02)
                            // [2], [3]		// RESERVED - Always 0
            blob[5] = 0x24; // ALGID - Always 00 24 00 00 (for CALG_RSA_SIGN)
            blob[8] = 0x52; // Magic - RSA1 (ASCII in hex)
            blob[9] = 0x53;
            blob[10] = 0x41;
            blob[11] = 0x31;

            byte[] bitlen = GetBytesLE(keyLength << 3);
            blob[12] = bitlen[0];   // bitlen
            blob[13] = bitlen[1];
            blob[14] = bitlen[2];
            blob[15] = bitlen[3];

            // public exponent (DWORD)
            int pos = 16;
            int n = p.Exponent.Length;
            while (n > 0)
                blob[pos++] = p.Exponent[--n];
            // modulus
            pos = 20;
            byte[] part = p.Modulus;
            int len = part.Length;
            Array.Reverse(part, 0, len);
            Buffer.BlockCopy(part, 0, blob, pos, len);
            pos += len;
            return blob;
        }
    }
}
